Just thought I'd share this experience I had over the weekend, as it may save someone else many hours of troubleshooting.
I've been tinkering around with Windows 8 at home, even though I know there's little likelihood that we'll implement it at work any time soon.
While using my Windows 8 machine to copy a large amount of files from my NAS to a USB drive, I was experiencing lock-ups of my system. It wasn't a complete crash. The system would just become extremely unresponsive.
It soon became apparent that something was leaking memory. I was seeing the amount of memory being consumed skyrocket up to 100%, at which point the copy process would crash and system would stop responding politely. The task manager and performance monitor were not attributing the memory to any process however.
I tried using robocopy instead of Explorer copy. Same thing.
I tried updating the Realtek network driver, USB 3 driver and even the ASUS BIOS, (as they were all a few versions behind). Same thing.
I was getting to the point where I was figuratively scratching my head, so I tried booting into safe mode with networking. Aha! The memory usage stayed consistent and the copy performed just fine!
There are a number of network related drivers that safe mode don't load. DriverView showed that one of them is the Windows Network Data Usage Monitoring Driver ndu.sys that was introduced in Windows 8 and provides "network data usage monitoring functionality".
Disabling this driver by changing the start value to 4 in HKLM\SYSTEM\CurrentControlSet\Services\Ndu
solved the problem.
Maybe this will be fixed when Microsoft releases Blue.
Showing posts with label error. Show all posts
Showing posts with label error. Show all posts
Sunday, May 19, 2013
Thursday, February 11, 2010
SCCM: Failed in GetCertificate(...): 0x80040281
I started seeing this error in the ccmsetup.log file on some client machines after updating to Service Pack 2 on the SCCM Server:
Failed in GetCertificate(...): 0x80040281
The SP2 installation does not automatically update the client installation files. In the SCCM console, if you navigate to:
Site Database : Site Management : Site Code - Site Name: Site Settings : Client Installation Methods
...and open Software Update Point Client Installation, you should be prompted to update the published version of the client. Note that it can take 30 seconds or so before you can re-open it to see the published version match the available version.
You may also need to update the client in other locations, such as Group Policy or the Right-Click tools.
Cheers,
Sean
Failed in GetCertificate(...): 0x80040281
The SP2 installation does not automatically update the client installation files. In the SCCM console, if you navigate to:
Site Database : Site Management : Site Code - Site Name: Site Settings : Client Installation Methods
...and open Software Update Point Client Installation, you should be prompted to update the published version of the client. Note that it can take 30 seconds or so before you can re-open it to see the published version match the available version.
You may also need to update the client in other locations, such as Group Policy or the Right-Click tools.
Cheers,
Sean
Wednesday, January 20, 2010
Windows Update Problem Fixup Script
I've had this script floating around for a while. I put it together based on a number of recommendations from Microsoft regarding fixing problems with Windows Update.
Note that this will fix some errors, but there are a whole swag of issues that can arise with automatic updates.
Also, as always, I take absolutely no responsibility if this causes your machine to implode (although I would love to see the photos if it does!)
@echo off
if exist %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat
if exist %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat
if exist %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat
if exist %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat
regsvr32 /s softpub.dll
regsvr32 /s wintrust.dll
regsvr32 /s initpki.dll
regsvr32 /s dssenh.dll
regsvr32 /s rsaenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s sccbase.dll
regsvr32 /s slbcsp.dll
regsvr32 /s mssip32.dll
regsvr32 /s cryptdlg.dll
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
net stop wuauserv
rd /S /Q %windir%\SoftwareDistribution
md %windir%\SoftwareDistribution
net start wuauserv
Cheers,
Sean
Note that this will fix some errors, but there are a whole swag of issues that can arise with automatic updates.
Also, as always, I take absolutely no responsibility if this causes your machine to implode (although I would love to see the photos if it does!)
@echo off
if exist %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\tmp*.cat
if exist %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat del /F /Q %systemroot%\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\tmp*.cat
if exist %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\kb*.cat
if exist %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat del /F /Q %systemroot%\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\kb*.cat
regsvr32 /s softpub.dll
regsvr32 /s wintrust.dll
regsvr32 /s initpki.dll
regsvr32 /s dssenh.dll
regsvr32 /s rsaenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s sccbase.dll
regsvr32 /s slbcsp.dll
regsvr32 /s mssip32.dll
regsvr32 /s cryptdlg.dll
attrib -s -h %windir%
attrib -s -h %windir%\system32
attrib -s -h %windir%\system32\catroot2
net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc
net stop wuauserv
rd /S /Q %windir%\SoftwareDistribution
md %windir%\SoftwareDistribution
net start wuauserv
Cheers,
Sean
Sunday, October 25, 2009
Cannot start Microsoft Outlook. Cannot open the Outlook window.
I had an interesting problem over the weekend... on my HOME computer!! O_o
Trying to launch Outlook, I was receiving the error message “Cannot start Microsoft Outlook. Cannot open the Outlook window.”
It appears that the configuration file for the Navigation Pane can get corrupted and this will prevent Outlook from launching successfully.
This can be remedied by running OUTLOOK.EXE with the /RESETNAVPANE switch.
Trying to launch Outlook, I was receiving the error message “Cannot start Microsoft Outlook. Cannot open the Outlook window.”
It appears that the configuration file for the Navigation Pane can get corrupted and this will prevent Outlook from launching successfully.
This can be remedied by running OUTLOOK.EXE with the /RESETNAVPANE switch.
Monday, July 27, 2009
RSA Server IP Address Change
A gotcha discovered while changing the IP address of an RSA Authentication server.
To change the address of the server, you need to use the rsautil command from the command line:
rsautil update-instance-node --old-host Current_IP_Address --new-host New_IP_Address --instance primary
where:
• Current_IP_Address is the current IP address of the instance, for example,192.168.1.1.
• New_IP_Address is the new IP address of the instance, for example,192.168.200.245.
That's all well and good and is in the administrative guide. Of course, you'll need to reconfigure any devices that are pointing to the IP address of the server as well, such as an authentication agent on your Aventail or ASA.
However, you may see failed authentications and start noticing this in your logs:
Node secret mismatch. Cleared on agent but not on server.
In order to fix this, you'll have to get CLI access to your Aventail or ASA and delete the node secret files from the device. On an Aventail, these will be ststatus.12, securid ( delete them from /var/ace then restart the policy server using /etc/init.d/policyserver restart ). On the ASA it will be 192-168-111-123.sdi. Then connect to your RSA Security Console and manage the existing Authentication agents. You should then be able to select "Manage Node Secret" from the drop-down menu and clear the node secret. The secret will then be renegotiated on first use.
Cheers,
Sean
To change the address of the server, you need to use the rsautil command from the command line:
rsautil update-instance-node --old-host Current_IP_Address --new-host New_IP_Address --instance primary
where:
• Current_IP_Address is the current IP address of the instance, for example,192.168.1.1.
• New_IP_Address is the new IP address of the instance, for example,192.168.200.245.
That's all well and good and is in the administrative guide. Of course, you'll need to reconfigure any devices that are pointing to the IP address of the server as well, such as an authentication agent on your Aventail or ASA.
However, you may see failed authentications and start noticing this in your logs:
Node secret mismatch. Cleared on agent but not on server.
In order to fix this, you'll have to get CLI access to your Aventail or ASA and delete the node secret files from the device. On an Aventail, these will be ststatus.12, securid ( delete them from /var/ace then restart the policy server using /etc/init.d/policyserver restart ). On the ASA it will be 192-168-111-123.sdi. Then connect to your RSA Security Console and manage the existing Authentication agents. You should then be able to select "Manage Node Secret" from the drop-down menu and clear the node secret. The secret will then be renegotiated on first use.
Cheers,
Sean
Wednesday, May 27, 2009
SCCM: Machines that have failed an advertisement
I get tired of sifting through the standard reports that restrict you to a particular deployment, a particular advertisement, a particular collection, a particular state, etc. I often like to see details at a more global level, even if those details run to hundreds or thousands of lines, so I often write my own reports in WQL.
I decided it would be a good idea today if I could see all machines that have failed an advertisement... or more particularly, failed any advertisement. As usual, the standard report requires you to specify an advertisement and a state.
So I spent a half hour or so working out how I could get a report of any machines that had failed any advertisement. I decided it would be a good idea to optionally filter the results using an Advertisement ID in case I wanted to narrow it down. Here's the result:
The Prompt Query for the Variable @AdvertID (defaults to %) is:
begin
if (@__filterwildcard = '')
select AdvertisementID, AdvertisementName, Comment from v_Advertisement order by AdvertisementName
else
select AdvertisementID, AdvertisementName, Comment from v_Advertisement
WHERE AdvertisementID like @__filterwildcard
order by AdvertisementName
end
The main SQL Statement for the report is:
select sys.Netbios_Name0, sys.User_Domain0, sys.User_Name0,site.SMS_Installed_Sites0, Client_Type0, ainfo.AdvertisementName, LastStatusMessageID, LastStatusMessageIDName, DATEADD(ss,@__timezoneoffset,LastStatusTime) as LastStatusTime, stat.AdvertisementID, LastExecutionResult, LastExecutionContext
from v_ClientAdvertisementStatus stat
join v_AdvertisementInfo ainfo on stat.AdvertisementID=ainfo.AdvertisementID
join v_R_System sys on stat.ResourceID=sys.ResourceID
left join v_RA_System_SMSInstalledSites site on stat.ResourceID=site.ResourceID
where stat.LastState='11' /* 11 = failed */
and stat.AdvertisementID LIKE @AdvertID
I hope someone else finds this useful.
Cheers,
Sean
PS: I've extended this concept into a collection, The WQL Query for the collection is:
select sys.ResourceID, sys.ResourceType, sys.Name,
sys.SMSUniqueIdentifier, sys.ResourceDomainORWorkgroup, sys.Client
from SMS_R_System as sys
join SMS_ClientAdvertisementStatus as adstat
on adstat.ResourceID=sys.ResourceID
where adstat.LastState='11'
I decided it would be a good idea today if I could see all machines that have failed an advertisement... or more particularly, failed any advertisement. As usual, the standard report requires you to specify an advertisement and a state.
So I spent a half hour or so working out how I could get a report of any machines that had failed any advertisement. I decided it would be a good idea to optionally filter the results using an Advertisement ID in case I wanted to narrow it down. Here's the result:
The Prompt Query for the Variable @AdvertID (defaults to %) is:
begin
if (@__filterwildcard = '')
select AdvertisementID, AdvertisementName, Comment from v_Advertisement order by AdvertisementName
else
select AdvertisementID, AdvertisementName, Comment from v_Advertisement
WHERE AdvertisementID like @__filterwildcard
order by AdvertisementName
end
The main SQL Statement for the report is:
select sys.Netbios_Name0, sys.User_Domain0, sys.User_Name0,site.SMS_Installed_Sites0, Client_Type0, ainfo.AdvertisementName, LastStatusMessageID, LastStatusMessageIDName, DATEADD(ss,@__timezoneoffset,LastStatusTime) as LastStatusTime, stat.AdvertisementID, LastExecutionResult, LastExecutionContext
from v_ClientAdvertisementStatus stat
join v_AdvertisementInfo ainfo on stat.AdvertisementID=ainfo.AdvertisementID
join v_R_System sys on stat.ResourceID=sys.ResourceID
left join v_RA_System_SMSInstalledSites site on stat.ResourceID=site.ResourceID
where stat.LastState='11' /* 11 = failed */
and stat.AdvertisementID LIKE @AdvertID
I hope someone else finds this useful.
Cheers,
Sean
PS: I've extended this concept into a collection, The WQL Query for the collection is:
select sys.ResourceID, sys.ResourceType, sys.Name,
sys.SMSUniqueIdentifier, sys.ResourceDomainORWorkgroup, sys.Client
from SMS_R_System as sys
join SMS_ClientAdvertisementStatus as adstat
on adstat.ResourceID=sys.ResourceID
where adstat.LastState='11'
Wednesday, March 4, 2009
SCCM: Distribution Error and the Ampersand
I came across an interesting problem in SCCM today. A branch distribution point ( BDP ) wasn't replicating a package and it turns out it was because one of the files in the package had an ampersand ( & ) in the file name.
I was seeing this in the ContentTransferManager.log on the BDP:
Unable to enumerate files in E:\BDPTmpWrkFldr\PDP2B6A.tmp (0x80070003)
I came across a Microsoft Knowledge Base article KB967648 that matches the error:
Consider the following scenario:
- Distribution points and branch distribution points exist in a Microsoft System Center Configuration Manager 2007 Service Pack 1 (SP1) site.
- A package is saved on distribution points and on branch distribution points.
- A file name in this package contains an ampersand (&).
- A property of this package is changed on the distribution points.In this scenario, branch distribution points cannot update this package, and an error is encountered. Additionally, package distribution fails, and the package folder on branch distribution points cannot be accessed because of security permissions issues.
There is a hotfix available from Microsoft that is linked from the KB article.
Subscribe to:
Comments (Atom)
Posts
